From 35d9864e0bf8141a1496f5da7fa7a107a13ffc9e Mon Sep 17 00:00:00 2001 From: John Lagnese Date: Fri, 8 May 2020 10:26:24 -0500 Subject: [PATCH] One more fix is required to correctly generate canonical strings with query parameter arrays. Because the canonical string must be generated in a repeatable, consistent way, if a query parameter appears multiple times in the request, it must be ordered by it's value alphanumerically. --- Aws4Signer/AWS4RequestSigner.cs | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/Aws4Signer/AWS4RequestSigner.cs b/Aws4Signer/AWS4RequestSigner.cs index d1dcf1b..9d17ab0 100644 --- a/Aws4Signer/AWS4RequestSigner.cs +++ b/Aws4Signer/AWS4RequestSigner.cs @@ -162,9 +162,12 @@ private static string GetCanonicalQueryParams(HttpRequestMessage request) } else { - // Query params must be escaped in upper case (i.e. "%2C", not "%2c"). // Handles multiple values per query parameter - var queryValues = querystring[key].Split(',').Select(v => $"{Uri.EscapeDataString(key)}={Uri.EscapeDataString(v)}"); + var queryValues = querystring[key].Split(',') + // Order by value alphanumerically (required for correct canonical string) + .OrderBy(v => v) + // Query params must be escaped in upper case (i.e. "%2C", not "%2c"). + .Select(v => $"{Uri.EscapeDataString(key)}={Uri.EscapeDataString(v)}"); values.Add(Uri.EscapeDataString(key), queryValues); }